Ordering SSL under GDPR

Under GDPR, most registries do no longer show e-mail addresses in the whois. As a result, the process of ordering a SSL certificate is a little different under GDPR. In particular, the domain validation of an SSL certificate needs your attention. In many cases, you can no longer use whois-based e-mail addresses for this.

The GDPR affects the domain validation (DV) step during the ordering process of a SSL certificate. We strongly advise to use only the standard prefixes when you are ordering or reissuing an SSL certificate under GDPR:

• admin@domain.com
• administrator@domain.com
• postmaster@domain.com
• webmaster@domain.com
• hostmaster@domain.com

Using those standard addresses guarantees a smooth order – when those mailboxes exist, of course!

If you do not want to rely on email, you can also pick validation by DNS or HTTP. You can find more information about this in your SSL panel.

The GDPR became active on 25 May 2018. As a regulation, the GDPR aims to protect personal data of private individuals within the European Union. You can read more about how the GDPR affects Openprovider here and how it specifically affects domain transfers here. Some local presence requirements for ccTLDs have also been loosened under GDPR. You can find more information about this here.